Replica Cyber reveals how organizations are handling high-risk work

a CTI analyst being protected from AI threats
Blog

AI Is Making Analysts Easier to Find

Threat Intelligence, Threat Investigations

AI has made research faster. Analysts can summarize open-source intelligence, connect signals across sources, draft investigative leads, translate foreign-language material, and move from question to answer in minutes. For threat research, fraud investigation, M&A diligence, and competitive intelligence, that acceleration is real and valuable.

It also creates a problem that most enterprise security programs aren’t built for yet. As analysts use AI to move faster, their workflows become more repetitive, more structured, and easier to profile from the outside. The next AI security problem arriving for enterprise security teams is attribution.

Data Leakage

Security advice has been on repeat for years: keep confidential data out of public AI tools, don’t allow source code to train models, and build realistic policies, controls, and monitoring around how employees use AI systems. That guidance is sound, and yet.. for teams doing sensitive external research, it addresses less than half the threat model.

Threat intelligence teams, fraud analysts, security researchers, legal teams, government users, and corporate strategy teams regularly need to work inside untrusted digital territory. They visit suspicious domains, observe adversary infrastructure, monitor closed communities, evaluate unknown tools, research acquisition targets, and test emerging AI platforms. For these teams, the question goes beyond sensitive data leaks – into the data and behavioral indicators that may reveal who is doing the research.

Behavior is Machine-Readable

Sensitive research has always left traces such as IP addresses, browser fingerprints, device telemetry, cookies, login behavior, language settings, time zones, and traffic patterns. These can all reveal something about the person or organization behind an activity.

AI can amplify that exposure by repeating patterns much more quickly. When analysts use AI to move faster, they tend to create repeatable workflows. They use similar questions, similar research paths, similar categories of sources, similar artifacts generated in similar sequences again and again. A single visit to a suspicious page may not reveal much, but a recurring pattern of visits, prompts, queries, translations, and infrastructure paths can reveal what an analyst is investigating, which organization they represent, which adversary or target they’re focused on, and when a team started paying attention to a specific issue.

Speed makes research more structured, and for better or worse, structured behavior is easier to detect.

The Adversary Toolset

The AI capabilities that help defenders summarize, correlate, and accelerate research are available to the other side. Attackers can identify repeat visitors, detect unusual research patterns, fingerprint investigative behavior, generate adaptive phishing lures, poison content, or incrementally change infrastructure when they suspect surveillance.

This is most consequential for workflows that depend on invisibility. A fraud team observing a scam network can’t afford to alert the actors behind it. Threat intelligence teams inspecting malicious infrastructure don’t want to surface corporate attribution in the process. A legal or compliance team reviewing high-risk external content can’t expose the employees or infrastructure doing the review to the sources they’re examining.

Exposure changes the outcome in each of these cases, and it doesn’t happen gradually, it’s immediate. The adversary adapts, sources are harder to find, and investigations get contaminated before the team knows it happened.

Browser Isolation

A lot of security architecture treats attribution risk as a browser problem. Isolate the web session, render risky content away from the endpoint, and prevent malware from reaching the user’s device.

However, AI-assisted research doesn’t live in the browser. It involves files, virtual workspaces, AI tools, communications, credentials, multiple personas, cloud applications, developer tools, mobile-only sources, collaboration across analysts, and investigations that need continuity over weeks. Device-focused approaches carry the same limitation. Protecting a phone from storing enterprise data doesn’t really protect the mission from attribution, and it certainly doesn’t prevent a destination from learning that a specific organization or infrastructure path is watching.

For sensitive teams, protection must travel with the comprehensive mission, and all the tactics involved… not just the device or the browser session.

Operational Privacy

Operational privacy means analysts can do the work without exposing themselves, their organization, or their intent to the outside world. Getting there requires more than acceptable-use policies and data loss prevention.

Ideally, analysts could reach suspicious or sensitive destinations without touching trusted endpoints, use AI tools without exposing corporate infrastructure, maintain separation between their identity and external activity, vary environment characteristics like geography and device profile when the work requires it, and collaborate on sensitive material without moving artifacts into uncontrolled spaces. Speed, isolation, anonymity, and governance have to work together. Security teams doing high-stakes research can’t be forced to choose between moving quickly and staying hidden.

Research as the Attack Surface

Fraud analysts may be creating behavioral signature that persists across sessions, and the same is true for threat intelligence teams, corporate development teams running AI-assisted M&A research, and compliance teams using AI against case data. The exposure for all these roles accumulates not in the model but in the pattern of use, and the adversary reading that pattern doesn’t need access to the model to act on it.

Security leaders building AI programs for these teams are inheriting a problem that acceptable-use policies weren’t designed to address. Governed environments that isolate the analyst’s activity, vary their external footprint, and maintain auditability without generating attribution are the missing piece… and they need to be part of the AI security conversation now, before the workflows mature and the patterns become permanent.

Grey Market Labs is a Public Benefit Corporation founded with the social mission to protect life online. We build revolutionary software and hardware products, and partner with like-minded industry leaders, to create a future with “privacy-as-a-service”.

Simply: we prevent data from being compromised and protect our customers work, online.

Contact us to see how we can work together.